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Description 

COMPUTER SYSTEM AND METHOD FOR 
CONTROLLING THE SAME 

Background of Invention 
[000 1 ] 1. Field of the Invention 

[0002] The present invention relates to a computer system, and 
more particularly, to a computer system controlled by a 
private key such as an integrated drive electronics device 
and related method. 

[0003] 2. Description of the Prior Art 

[0004] | n recent years, due to the explosive progress in informa- 
tion technology, personal computers are becoming one of 
the most important information devices in daily lives. In 
order to protect data stored in a personal computer from 
access by unknown users, a variety of data protection 
mechanisms for the personal computer are available in 
the market. These data protection mechanisms include, 
for example, a data encryption for directly encrypting data 



stored in a computer system and an authentication mech- 
anism such as a BIOS or an OS authentication mechanism 
for preventing users like hackers from intruding. The data 
encryption encrypts original data stored in a computer 
system with a key of 128-bit long data and converts the 
original data into encrypted data of nonsensical form. 
Therefore, even the computer system is intruded and the 
encrypted data is "stolen", in the end, the thief still cannot 
read the encrypted data without the key. The authentica- 
tion mechanism protects the computer system by selec- 
tively executing an operating system according to input 
data such as a username and a password input to the 

computer system. 
Summary of Invention 

[0005] it is therefore a primary objective of the invention to pro- 
vide a computer system controlled by a private key, such 
as an integrated drive electronics device, and related 
method. 

[0006] According to the invention, the method comprises (a) 

storing a first identification information into a first non- 
volatile memory of the computer system, (b) storing a 
second identification information into a second non- 
volatile memory of a first IDE device, (c) comparing the 



first identification information stored in the first non- 
volatile memory of the computer system and the second 
identification information stored in the second non- 
volatile memory of the first IDE device after the computer 
system is turned on, and (d) executing a predetermined 
program code if the first identification information 
matches the second identification information. 

[0007] | n a preferred embodiment, the first IDE device is a pocket 
drive and the predetermined program code is an operat- 
ing system program code. 

[0008] it j S an advantage of the invention that the method does 
not execute the predetermined program code if the sec- 
ond identification information stored in the second non- 
volatile memory of the pocket drive is compared and 
matches the first identification information stored in the 
first non-volatile memory. In other words, if the second 
identification information stored in the second non- 
volatile memory of the pocket drive does not match the 
first identification information stored in the first non- 
volatile memory, the method will not execute the operat- 
ing system program code so as to protect a computer 
system from access by an unknown user. 

[0009] These and other objectives of the present invention will no 



doubt become obvious to those of ordinary skill in the art 
after reading the following detailed description of the pre- 
ferred embodiment that is illustrated in the various fig- 
ures and drawings. 
Brief Description of Drawings 

[0010] pig.l is a schematic diagram of a computer system of a 

preferred embodiment according to the present invention. 
[001 1] pig. 2 is a function block diagram of the computer system 

shown in Fig.l according to the present invention. 
[0012] pig. 3 is a flowchart of a preferred method for controlling 

the computer system shown in Fig.l according to the 

present invention. 
[0013] Fig. 4 is a flowchart of a second method for controlling the 

computer system shown in Fig.l according to the present 

invention. 

[0014] Fig. 5 is a flowchart of a third method for controlling the 
computer system shown in Fig.l according to the present 
invention. 

[0015] Fig. 6 is a flowchart of a fourth method for controlling the 
computer system shown in Fig.l according to the present 
invention. 

[0016] Fig. 7 is a flowchart of a fifth method for controlling the 
computer system shown in Fig.l according to the present 



invention. 

[0017] pig. 8 is a flowchart of a sixth method for controlling the 

computer system shown in Fig.l according to the present 

invention. 
Detailed Description 

[0018] please refer to Fig.l and Fig. 2. Fig.l is a schematic dia- 
gram of a computer system 10 of a preferred embodiment 
according to the present invention. Fig. 2 is a function 
block diagram of the computer system 10. The computer 
system 10 comprises a display device 11 for displaying 
information, a processor 12 electrically connected to the 
display device 11 for processing data and program codes, 
a read-only memory (ROM) 14 electrically connected to 
the processor 12 and having a basic input/output system 
(BIOS) program code stored therein, a first non-volatile 
memory 16 electrically connected to the processor 12 for 
storing at least a first identification information, an input 
device 18 electrically connected to the processor 12 for 
inputting an identification information, a first integrated 
drive electronics (IDE) device 20 electrically connected to 
the processor 12 for storing an operating system (OS) 
program code, a universal serial bus (USB) port 22, and a 
second IDE device 24 being capable of plugging into the 



USB port 22 and having a second non-volatile memory 26 
for storing a second identification information. 

[0019] | n this preferred embodiment of the present invention, the 
BIOS program code controls the processor 12 to execute a 
power-on self test (POST) and detects whether or not the 
first IDE device 20 or other hardware components, such as 
a random access memory (RAM), functions normally. The 
first and second non-volatile memories 16 and 26 are 
flash memories, the input device 18 is a keyboard, the 
first IDE device 20 is a hard disk drive (HDD), and the sec- 
ond IDE device 24 is a pocket drive. Although the compo- 
nents of this embodiment are described using specific el- 
ements, it is noted that these specific elements are for il- 
lustrative purpose only but not for limiting the scope of 
the invention. For example, the input device 18 can be a 
mouse or a touch panel. 

[0020] please refer to Fig. 3, which is a flowchart of the method 
100 for controlling the computer system 10 according to 
the present invention. The method 100 comprises the fol- 
lowing steps: 

[0021] ste p i02:start; 

[0022] (The pocket drive 24 is assumed to be plugged into the 
USB port 22 of the computer system 10.); 



[0023] s tep 104:power on the computer system 10; 

[0024] s t e p i06:the processor 12 executes the BIOS program 
code stored in the ROM 14; 

[0025] (The processor 12 executes the BIOS program code stored 
in the ROM 14 automatically after the computer system 10 
is powered on. In the preferred embodiment, the BIOS 
program code controls the processor 12 to compare the 
second identification information stored in the flash 
memory 26 of the pocket drive 24 with the first identifica- 
tion information stored in the flash memory 16.) 

[0026] step 108:compare the second identification information 
with the first identification information. If the second 
identification information matches the first identification 
information, go to step 110, else go to step 190; 

[0027] represents that the pocket drive 24 plugged into the 

USB port 22 of the computer system 10 is indeed the pri- 
vate key for the computer system 10 if the second identi- 
fication information matches the first identification infor- 
mation. On the contrary, if the second identification infor- 
mation does not match the first identification information, 
either the pocket drive 24 plugged into the USB port 22 of 
the computer system 10 is not the private key for the 
computer system 10 or the USB port 22 of the computer 



system 10 does not have any IDE devices plugged into it.) 
[0028] s tep ll0:the processor 12 executes the OS program code; 
and 

[0029] (After identifying that the pocket drive 24 is indeed the 
private key to turn on the computer system 10, the pro- 
cessor 12 executes the OS program code stored in the 
HDD 20. Strictly speaking, what the processor 12 executes 
first is a bootstrap loader stored in the HDD 20, and the 
OS program code is loaded by the bootstrap loader into a 
RAM for execution.) 

[0030] st ep I90:end. 

[0031] (The computer system 10 either has completed the POST 
or declines to execute the OS program code because the 
detection result of the pocket drive 24 plugged into the 
USB port 22 is not the private key for the computer system 
10 or the USB port 22 does not have any IDE devices 
plugged into it.) 

[0032] | n this preferred embodiment of the present invention, the 
BIOS program code stored in the ROM 14 controls the 
processor 12 not to execute the OS program code after 
identifying that the second identification information does 
not match the first identification information (the pocket 
drive 24 is not the private key for the computer system 10 



or the USB port 22 does not have any IDE devices plugged 
into it). The computer system 10 can further release an 
alarm signal at the same time to notify the user and/or 
manager of the computer system 10 that the private key 
does not match. 

[0033] please refer to Fig. 4, which illustrates a method 200 of a 
second embodiment according to the present invention. 
According to the method 200, the BIOS program code 
stored in the ROM 14 of the computer system 10 controls 
the processor 12 to compare the second identification in- 
formation with the first identification information repeat- 
edly, and prevents the processor 12 from executing the 
OS program code until the second identification informa- 
tion matches the first identification information. The 
method 200 comprises the following steps: 

[0034] step 202:start; 

[0035] (The pocket drive 24, another pocket drive, or nothing 

was plugged into USB port 22 of the computer system 10.) 
[0036] s tep 204:power on the computer system 10; 

[0037] st ep 206:the processor 12 executes the BIOS program 

code stored in the ROM 14; 
[0038] (| n the second embodiment, the BIOS program code con- 



trols the processor 12 to compare the second identifica- 
tion information stored in the flash memory 26 of the 
pocket drive 24 with the first identification information 
stored in the flash memory 16.) 

[0039] s tep 208:compare the second identification information 
with the first identification information. If the second 
identification information matches the first identification 
information, go to step 210, else go to step 206; 

[0040] (it means that the pocket drive 24 plugged into the USB 
port 22 of the computer system 10 is indeed the private 
key for the computer system 10 if the second identifica- 
tion information matches the first identification informa- 
tion. On the contrary, if the second identification informa- 
tion does not match the first identification information, 
either the pocket drive 24 plugged into the USB port 22 of 
the computer system 10 is not the private key for the 
computer system 10 or the USB port 22 of the computer 
system 10 does not have any IDE devices plugged into it. 
Then, the BIOS program code controls the processor 12 to 
compare the second identification information with the 
first identification information repeatedly until the second 
identification information matches the first identification 
information (the pocket drive 24 corresponding to the 



computer system 10 is plugged into the USB port 22 of 
the computer system 10.)) 

[0041] step 210:the processor 12 executes the OS program code; 
and (After identifying that USB port 22 of the computer 
system 10 has the pocket drive 24 corresponding to the 
computer system 10 plugged into it, the processor 12 ex- 
ecutes the OS program code stored in the HDD 20.) 

[0042] step 290:end. 

[0043] (The computer system 10 has executed the POST success- 
fully.) 

[0044] please refer to Fig. 5, which illustrates a method 800 of a 
third embodiment according to the present invention. The 
method 800 is a combination of method 100 and method 
200. for method 800, after determining whether or not 
the second identification information matches the first 
identification information, the BIOS program code can se- 
lectively control the processor 12 either to decline to exe- 
cute the OS program code (as described in step 190 of the 
method 100) or to continuously execute the BIOS program 
code (as described in step 206 of the method 200). The 
method 800 comprises the following steps: 

[0045] step 802:start; 



[0046] (The pocket drive 24, another pocket drive, or nothing 

was plugged into USB port 22 of the computer system 10.) 
[0047] step 804:power on the computer system 10; 

[0048] s tep 806:the processor 12 executes the BIOS program 
code stored in the ROM 14; 

[0049] (| n the third embodiment, the BIOS program code controls 
the processor 12 to compare the second the identification 
information stored in the flash memory 26 of the pocket 
drive 24 with the first identification information stored in 
the flash memory 16.) 

[0050] step 808:compare the second identification information 
with the first identification information. If the second 
identification information matches the first identification 
information, go to step 810, else go to step 809; 

[0051] (jt means that the pocket drive 24 plugged into the USB 
port 22 of the computer system 10 is indeed the private 
key for the computer system 10 if the second identifica- 
tion information matches the first identification informa- 
tion represents. On the contrary, if the second identifica- 
tion information does not match the first identification in- 
formation, either the pocket drive 24 plugged into the USB 
port 22 of the computer system 10 is not the private key 
for the computer system 10 or the USB port 22 of the 



computer system 10 does not have any IDE devices 
plugged thereon.) 

[0052] step 809:Querying whether repeating the step of compar- 
ing the second identification information with the first 
identification information or not? If yes, go to step 806, 
else go to step 890. 

[0053] (if a user 0 f the computer system 10 chooses to continue 
comparing the second identification information with the 
first identification information, the BIOS program code 
then controls the processor 12 to compare the second 
identification information with the first identification in- 
formation again.) 

[0054] s tep 810:the processor 12 executes the OS program code; 
and (After identifying that the pocket drive 24 corre- 
sponding to the computer system 10 is plugged into the 
USB port 22 of the computer system 10, the processor 12 
executes the OS program code stored in the HDD 20.) 

[0055] step 890:end. 

[0056] (The computer system 10 either has executed the POST 
successfully or declines to execute the OS program code 
because that the pocket drive 24 is not the private key for 
the computer system 10 or that no IDE devices is plugged 
into the USB port 22 of the computer system 10 and the 



user of the computer system 10 does not intend to com- 
pare the second identification information with the first 
identification information further.) 
[0057] According to the method 100, 200 and 800, the BIOS pro- 
gram code only controls the processor 12 to compare the 
second identification information with the first identifica- 
tion information. Please refer to Fig. 6, which is a flowchart 
of method 300 of the fourth embodiment of the present 
invention. According to method 300, the flash memory 16 
of the computer system 10 has a plurality of first identifi- 
cation information stored therein, and the BIOS program 
code stored in the ROM 14 of the computer system 10 
controls the processor 12 to compare the second identifi- 
cation information with the plurality of first identification 
information and control the processor 12 to execute the 
OS program code if the second identification information 
matches one of the plurality of first identification infor- 
mation. The first identification information comprises pri- 
mary first identification information and secondary first 
identification information, which correlate to different 
level of authority for the user. Accordingly, after identify- 
ing that the second identification information matches a 
primary identification information, the BIOS program code 



can also control the processor 12 to update the plurality 
of first identification information according to data in- 
putted through the input device 18 . In the computer sys- 
tem 10, although the flash memory 26 of the pocket drive 
24 stores only one second identification information cor- 
responding to the pocket drive 24, the flash memory 16 
stores a plurality of first identification information, in- 
cluding one primary first identification information corre- 
sponding to this master pocket drive 24. In this embodi- 
ment, there is at least one secondary pocket drive can be 
used to turn on the computer system 10 without the au- 
thority of modifying first identification information. The 
computer system 10 will execute the OS program code 
when a pocket drive plugged into the USB port 22 of the 
computer system 10 is detected to be the secondary 
pocket drive. The method 300 comprises the following 
steps: 
[0058] step 302:start; 

[0059] (The master pocket drive 24, the secondary pocket drive, 
another irrelevant pocket drive, or nothing is plugged into 
the USB port 22 of the computer system 10, which both 
the master pocket drive 24 and the secondary pocket 
drive can be used to turn on the computer system 10.) 



[0060] s tep 304:power on the computer system 10; 

[0061] s tep 306:the processor 12 executes the BIOS program 
code stored in the ROM 14; 

[0062] (According to the fourth embodiment, the BIOS program 
code controls the processor 12 to compare the second 
identification information stored in the flash memory 26 
of the pocket drive 24 with each of the plurality of first 
identification information stored in the flash memory 16.) 

[0063] step 307:compare the second identification information 
with the first identification information. If the second 
identification information matches the primary first iden- 
tification information, go to step 308, if the second iden- 
tification information matches one of the remaining first 
identification information other than the primary first 
identification information, go to step 310, else go to step 
390; 

[0064] (n means that the pocket drive 24 plugged into the USB 
port 22 of the computer system 10 corresponds to the 
master pocket drive for the computer system 10 if the 
second identification information matches the primary 
first identification information. The pocket drive plugged 
into the USB port 22 of the computer system 10 corre- 
sponds to the secondary pocket drive for the computer 



system 10 if the second identification information 
matches one of the remaining first identification informa- 
tion other than the primary first identification information. 
Lastly, if the second identification information does not 
match any of the plurality of first identification informa- 
tion, it represents that the pocket drive plugged into the 
USB port 22 of computer system 10 is neither the primary 
nor the secondary pocket drive for the computer system 
10 or that the USB port 22 of the computer system 10 is 
not plugged, and the BIOS controls the processor 12 to 
turn off the computer system 10.) 
[0065] s tep 308:Does the processor 12 update the plurality of 

first identification information? If yes, go to step 309, else 
go to step 310; 

[0066] (The master pocket drive 24 is the only pocket drive hav- 
ing the authority to update the first identification infor- 
mation.) 

[0067] step 309:The processor 12 updates the first identification 
information stored in the flash memory 16 according to 
data inputted via the input device 18 or the data stored in 
the pocket drive; 

[0068] (The BIOS program code controls the processor 12 to dis- 
play a dialog window on the display device 11 to request 



user of the computer system 10 to input data, such as 
username and password, and the processor 12 updates 
the first identification information according to the in- 
putted data or the data stored in pocket drive.) 

[0069] s tep 310:the processor 12 executes the OS program code; 
and (After identifying that the USB port 22 of the com- 
puter system 10 has a certain pocket drive, such as the 
master pocket drive 24 or the secondary pocket drive, 
corresponding to the computer system 10 plugged 
therein, the processor 12 executes the OS program code 
stored in the HDD 20.) 

[0070] step 390:end. 

[0071] (The computer system 10 has executed the POST success- 
fully, or is turned off due to a detection result that a 
pocket drive plugged into the USB port 22 of the com- 
puter system 10 is neither the master pocket drive 24 nor 
the secondary pocket drive, or that the USB port 22 has in 
fact nothing plugged into it.) 

[0072] According to the fourth embodiment, although both the 
master pocket drive 24 and the secondary pocket drive 
correspond to the plurality of first identification informa- 
tion and can be used to turn on the computer system 10, 
only the master pocket drive 24 corresponding to the pri- 



mary first identification information has the authority to 
update the first identification information. In other words, 
a user of the master pocket drive 24 can update the first 
identification information and authorize a secondary 
pocket drive to turn on the computer system 10. 

[0073] According to the method 300, the BIOS program code 

controls the processor 12 to execute the OS program code 
after determining whether or not to update the plurality of 
first identification information. However, the BIOS pro- 
gram can alternatively control the processor 12 to first 
execute the OS program code after determining that a 
pocket drive plugged into the USB port 22 of the com- 
puter system 10 is the primary or the secondary pocket 
drive corresponding to the computer system 10, and then 
determine whether or not to control the processor 12 to 
update the plurality of first identification information. 

[0074] please refer to Fig. 7 and Fig. 8, which are two flowcharts of 
a method 400 and a method 500 of the fifth and sixth 
embodiments respectively of the present invention. Ac- 
cording to the methods 400 and 500, the BIOS program 
code controls the processor 12 to first execute the OS 
program code after determining whether or not a pocket 
drive plugged into the USB port 22 of the computer sys- 



tern 10 is the master or the secondary pocket drive, and 
then determine whether or not to control the processor 12 
to update the plurality of first identification information. A 
difference between method 400 and method 500 is de- 
scribed as follows. For method 400, the BIOS program 
code first instructs the processor 12 to determine whether 
the second identification information matches the primary 
first identification information; if yes, then it queries 
whether to control the processor 12 to update the plural- 
ity of first identification information or not. For method 
500, the BIOS program code first controls the processor 
12 to query the user whether or not he/she wants to up- 
date the plurality of first identification information; if yes, 
then it controls the processor 12 to determine whether 
the second identification information matches the primary 
first identification information. 
[0075] The method 400 comprises the following steps: 

[0076] s tep 402:start; 

[0077] (Either the master pocket drive 24, the secondary pocket 
drive, another pocket drive, or nothing is plugged in the 
USB port 22 of the computer system 10. Both the master 
pocket drive 24 and the secondary pocket drive can be 



used to turn on the computer system 10.) 
[0078] s tep 404:power on the computer system 10; 

[0079] s tep 406:the processor 12 executes the BIOS program 
code stored in the ROM 14; 

[0080] (According to the fifth embodiment, the BIOS program 
code controls the processor 12 to compare the second 
identification information stored in the flash memory 26 
of the pocket drive 24 with the plurality of first identifica- 
tion information stored in the flash memory 16.) 

[0081] step 408:compare the second identification information 
with the first identification information. If the second 
identification information matches one of the plurality of 
first identification information, go to step 410, else go to 
step 490; 

[0082] (n means that a pocket drive plugged into the USB port 22 
of the computer system 10 is either the master pocket 
drive 24 or the secondary pocket drive if the second iden- 
tification information matches one of the plurality of first 
identification information. On the contrary, if the second 
identification information does not match any of the plu- 
rality of first identification information, it represents that 
the pocket drive plugged into the USB port 22 of com- 
puter system 10 is neither the primary nor the secondary 



pocket drive for the computer system 10 or that the USB 
port 22 of the computer system 10 is not plugged, and 
the BIOS controls the processor 12 to turn off the com- 
puter system 10.) 
[0083] s tep 410:the processor 12 executes the OS program code; 

[0084] step 412:Compare the second identification information 
with the first identification information. If the second 
identification information matches the primary first iden- 
tification information, go to step 414, else go to step 490; 

[0085] (The pocket drive plugged into the USB port 22 of the 

computer system 10 is the master pocket drive 24, which 
is the pocket drive having the privilege to update the plu- 
rality of first identification information.) 

[0086] step 414:Update the plurality of first identification infor- 
mation? If yes, go to step 416, else go to step 490; 

[0087] step 416:The processor 12 updates the first identification 
information stored in the flash memory 16 according to 
data input by the input device 18 or the data stored in 
pocket drive; 

[0088] (The BIOS program code controls the processor 12 to dis- 
play a dialog window on the display device 11 to request a 
user of the computer system 10 to input data, such as 
username and a password, and the processor 12 updates 



the first identification information according to the in- 
putted data or the data stored in the pocket drive.) 
[0089] step490:end. 

[0090] (The computer system 10 has executed the POST success- 
fully, or is turned off due to a detection result that a 
pocket drive plugged into the USB port 22 of the com- 
puter system 10 is neither the master pocket drive 24 nor 
the secondary pocket drive, or the USB port 22 has in fact 
nothing plugged into it.) 

[0091] The method 500 comprises the following steps: 

[0092] step 502:start; 

[0093] (Either the master pocket drive 24, the secondary pocket 
drive, another pocket drive, or nothing is plugged in the 
USB port 22 of the computer system 10. Both of the mas- 
ter pocket drive 24 and the secondary pocket drive can be 
used to turn on the computer system 10.) 

[0094] s tep 504:power on the computer system 10; 

[0095] s tep 506:the processor 12 executes the BIOS program 
code stored in the ROM 14; 

[0096] (According to the sixth embodiment, the BIOS program 
code controls the processor 12 to compare the second 
identification information stored in the flash memory 26 



of the pocket drive 24 with the plurality of first identifica- 
tion information stored in the flash memory 16e.) 
[0097] step 508:compare the second identification information 
with the first identification information. If the second 
identification information matches one of the plurality of 
first identification information, go to step 510, else go to 
step 590; 

[0098] (The pocket drive plugged into the USB port 22 of the 

computer system 10 is either the master pocket drive 24 
or the secondary pocket drive if the second identification 
information matches one of the plurality of first identifi- 
cation information. On the contrary, if the second identifi- 
cation information does not match any of the plurality of 
first identification information, it represents that the 
pocket drive plugged into the USB port 22 of computer 
system 10 is neither the primary nor the secondary pocket 
drive for the computer system 10 or that the USB port 22 
of the computer system 10 is not plugged, and the BIOS 
controls the processor 12 to turn off the computer system 
10.) 

[0099] s tep 510:the processor 12 executes the OS program code; 

[0100] step 512:Update the plurality of first identification infor- 
mation? If yes, go to step 514, else go to step 590; 



[0101] step 514:Compare the second identification information 
with the plurality of first identification information. If the 
second identification information matches the primary 
first identification information, go to step 516, else go to 
step 590; 

[0102] (The pocket drive plugged into the USB port 22 of the 

computer system 10 is the master pocket drive 24, which 
is the pocket drive having the privilege to update the plu- 
rality of first identification information.) 

[0103] s tep 516:The processor 12 updates the first identification 
information stored in the flash memory 16 according to 
data inputted by the input device 18 or the data stored in 
pocket drive; 

[0104] (The BIOS program code controls the processor 12 to dis- 
play a dialog window on the display device 11 to request a 
user of the computer system 10 to input data, usually in- 
cluding username and password, and the processor 12 
updates the first identification information according to 
the inputted data or the data stored in the pocket drive.) 

[0 1 °5] step 590:end. 

[0106] (The computer system 10 has executed the POST success- 
fully, or is turned off due to a detection result that a 
pocket drive plugged into the USB port 22 of the com- 



puter system 10 is neither the master pocket drive 24 nor 
the secondary pocket drive, or the USB port 22 has in fact 
nothing plugged into it.) 
[0107] According to the fourth, the fifth, and the sixth embodi- 
ments, the BIOS program code turns off the computer 
system 10 after detecting that the second identification 
information does not match the first identification infor- 
mation, as described in step 307 of the method 300, in 
step 408 of the method 400, and in step 508 of the 
method 500. However, the methods 300, 400, and 500 
can also be designed to have the BIOS continue on com- 
paring the second identification information with the first 
identification information if the second identification in- 
formation does not match the first identification informa- 
tion, as described in step 809 of the method 800 shown 
in Fig. 5. 

[0108] For methods 300, 400 and 500, updating the first identi- 
fication information may also be carried out by inserting 
an unregistered pocket drive into a second USB port of the 
computer system 10 when the master pocket drive 24 is 
plugged in the USB port 22. The BIOS program code con- 
trols the processor 12 to update the first identification in- 
formation according to the data stored in this unregis- 



tered pocket drive, thus completes the registration of this 
new pocket drive. After registration, the second identifi- 
cation information stored in this new pocket drive will 
match one of the updated plurality of first identification 
information stored in flash memory 16. 

[0109] The pocket drive is not limited to one single type of mem- 
ory drive; all devices that carry information can be utilized 
as the private key. In addition, it is not necessary for the 
identification information to be transmitted through USB 
port; even wireless route can be used to fetch the second 
identification information from the pocket drive. 

[0110] please be noted that steps 190, 290, 390, 490, 590 and 
890 of the abovementioned embodiments represents 
ending of identification and/or updating process of meth- 
ods 100, 200, 300, 400, 500 and 800. It does not identi- 
cal to turning off the computer. If the second identifica- 
tion information does not match any of the plurality of 
first identification information, the BIOS program code, 
after finished either methods 100, 200, 300, 400, 500 or 
800, will control the computer system 10. However, if the 
second identification information matches any of the plu- 
rality of first identification information, the OS program 
code will take charge of running the computer system 10. 



In contrast to the prior art, the present invention controls 
a computer system with a firmware as a private key. Since 
only the user or the manufacturer of the computer system 
can own the private key, any one without the private key 
can neither turn on the computer system nor access the 
computer system, thus secures the privacy of data. Addi- 
tionally, according to the embodiments of the present in- 
vention, the owner of the computer system can authorize 
a user of a pocket drive corresponding to a certain identi- 
fication information (one of the plurality of first identifica- 
tion information) to turn on the computer system by up- 
dating the plurality of first identification information with 
the certain identification information, so as to broaden the 
usability of the computer system. Lastly, the first identifi- 
cation information can be alternatively stored in an indi- 
vidual memory like a ROM, while ordinary data different 
from the first identification information can be stored in a 
flash memory. 

[0112] Those skilled in the art will readily observe that numerous 
modifications and alterations of the device and method 
may be made while retaining the teachings of the inven- 
tion. Accordingly, the above disclosure should be con- 
strued as limited only by the metes and bounds of the ap- 



pended claims. 



